
Intelligence mined from exposed Black Basta internal chats


CyberScoop reports that defenders have obtained valuable intelligence from the leak of the Black Basta ransomware-as-a-service operation's internal chat logs, a disclosure described as comparable in significance to the exposure of the Conti ransomware gang's internal messages three years ago.

Microsoft senior security researcher Thomas Roccia's analysis of almost 200,000 Russian-language Black Basta messages exchanged between September 2023 and September 2024 revealed IP addresses, credentials, domains, file names, and other possible indicators of compromise.

Black Basta, which has been inactive this year amid internal strife following a slew of attacks that the Cybersecurity and Infrastructure Security Agency said impacted at least a dozen critical infrastructure sectors, also had its initial attack vectors and detection bypass techniques uncovered by other researchers.

Other ransomware gangs also had their infrastructure, malicious services, and commands revealed by exposed chats, said Google Threat Intelligence Group Head of Cybercrime Analysis Genevieve Stark.

"Defenders can then use this information to prioritize their detection and hunting efforts," Stark added.
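The kind of indicator mining the article describes (pulling IP addresses, domains, file names and credential-like strings out of a large chat dump, then ranking them for hunting) can be illustrated with a short script. The following is an added example, not code from the article, CyberScoop, Microsoft or any researcher named above; the chat records are constructed for illustration, the regular expressions are heuristic assumptions rather than any published method, and the output is defanged so it can be pasted into a hunting ticket without becoming a clickable link.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample records standing in for leaked chat messages.
# Real Black Basta chats were Russian-language; these are English stand-ins
# and every host, domain, file name and credential below is made up.
SAMPLE_CHAT: List[Dict[str, str]] = [
    {"ts": "2023-11-02T10:14:00", "from": "op1",
     "text": "host 203.0.113.45 is up, panel at update-check.example.net"},
    {"ts": "2023-11-02T10:16:00", "from": "op2",
     "text": "creds for the vpn: admin@corp.example.com:Pa55w0rd! works"},
    {"ts": "2023-11-03T08:02:00", "from": "op1",
     "text": "dropped loader.exe and svc-update.dll on 203.0.113.45 again"},
    {"ts": "2023-11-03T08:05:00", "from": "op2",
     "text": "check 999.1.1.1 it's a typo, real one is 198.51.100.7"},
    {"ts": "2023-11-04T12:40:00", "from": "op3",
     "text": "backup c2 is cdn-static.example.org"},
]

# Heuristic patterns (assumptions for this example, not a published ruleset).
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(
    r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.IGNORECASE)
# user:password pairs; the lookbehind keeps "http://..." and paths from matching.
CRED_RE = re.compile(
    r"(?<![\w/@])(?P<user>[A-Za-z0-9._@-]{3,}):(?P<pass>[^\s:/][^\s:]{5,})")
# A dotted token whose last label is one of these is a file name, not a domain.
FILE_EXTS = {"exe", "dll", "ps1", "bat", "zip", "rar", "7z", "vbs", "js", "lnk", "iso"}


def extract_iocs(messages: List[Dict[str, str]]) -> Dict[str, Counter]:
    """Scan the text of each message and count candidate indicators by type."""
    found: Dict[str, Counter] = {
        "ipv4": Counter(), "domain": Counter(),
        "filename": Counter(), "credential": Counter(),
    }
    for msg in messages:
        text = msg["text"]
        for m in IPV4_RE.finditer(text):
            # Reject syntactically impossible addresses such as 999.1.1.1.
            if all(0 <= int(octet) <= 255 for octet in m.group().split(".")):
                found["ipv4"][m.group()] += 1
        for m in DOMAIN_RE.finditer(text):
            value = m.group().lower()
            kind = "filename" if value.rsplit(".", 1)[1] in FILE_EXTS else "domain"
            found[kind][value] += 1
        for m in CRED_RE.finditer(text):
            found["credential"][f"{m.group('user')}:{m.group('pass')}"] += 1
    return found


def defang(value: str) -> str:
    """Render an address or domain so it is not auto-linked: 1.2.3.4 -> 1[.]2[.]3[.]4."""
    return value.replace(".", "[.]")


def hunting_list(found: Dict[str, Counter]) -> List[Tuple[str, int, str]]:
    """Network and file indicators ordered by how often the chats mention them.

    Frequency is used here as a crude priority signal: an address that
    recurs across many messages is a better first hunt than a one-off.
    Credentials are deliberately left out of the shareable list.
    """
    rows: List[Tuple[str, int, str]] = []
    for kind in ("ipv4", "domain", "filename"):
        for value, n in found[kind].most_common():
            rows.append((kind, n, defang(value)))
    return rows


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_CHAT)
    for kind, n, value in hunting_list(iocs):
        print(f"{kind:<9}{n:>3}  {value}")
    print(f"credential candidates found: {len(iocs['credential'])} (not printed)")
```

Two design choices are worth noting. Candidate counts are kept per indicator so the hunting list can be ordered by recurrence, which is one concrete way to act on the prioritization Stark describes; and credential matches are counted but never written into the shareable output, since a hunting list circulates more widely than the raw dump and should not re-leak secrets it contains.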
